Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Infographic: 70 Percent of World's Critical Utilities Breached
Newest First  |  Oldest First  |  Threaded View
mcohn201
50%
50%
mcohn201,
User Rank: Author
8/20/2014 | 10:11:51 PM
Re: What do you mean by breach?

@Marily Cohodas – The breakdown was that 32% experienced at least 1 incident in the last year, 18% had 2 to 5 incidents, and 17% experienced more than 5 incidents.  While we don't have specifics on what "confidential information" was compromised or the length of disruptions from this study, we know that databases, end user devices (desktops, laptops, smartphones, and tablets) and cloud-based systems took the top 3 slots for most frequently compromised as a result of security breaches over that year followed by servers and industrial control systems.

mcohn201
100%
0%
mcohn201,
User Rank: Author
8/20/2014 | 10:09:28 PM
Re: Silicon Valley substation attack a prototype?

@Bprince - The data covers both.  Our Ponemon partner plans to follow on with a scaled down ICS–focused survey targeting respondents on the ICS side.

mcohn201
100%
0%
mcohn201,
User Rank: Author
8/20/2014 | 10:08:35 PM
Re: Silicon Valley substation attack a prototype?

@Charlie Babcock - Interesting you reference that incident. We tend to think from an IoT perspective about the importance of infosec and physical security professionals working together at strategic and tactical levels to protect corporate or government assets. But my impression is that was a pure physical attack:  rifle fire after advance recon and comm lines cut with shell casings wiped clean.  It highlights uncomfortable vulnerability to physical attack of critical infrastructure and presence of a capable threat actor with military mindset.

GonzSTL
50%
50%
GonzSTL,
User Rank: Ninja
8/18/2014 | 3:27:54 PM
Re: Misleading research?
The loss or disruption of operations could be the result of a breach.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
8/18/2014 | 10:13:34 AM
Misleading research?

Post from Twitter "clappymonkeyAug 17, 3:51pm via Twitter for Android" questioning the research:

@DarkReading A loss of operation is not a breach. Misleading research is misleading

Thoughts anyone?

Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
8/18/2014 | 7:52:26 AM
What do you mean by breach?
Mark  -- Can you give us some context for the statistic that 68 percent or respondents reported at least "one security compromise that led to the loss of confidential information or disruption of services"? How much information? How long of a disruption? Are there any more details you can share?

That said, an even  more disturbing number is the percentage (26%) of utility security execs who say they can effectively manage security risks...

 
Bprince
50%
50%
Bprince,
User Rank: Ninja
8/15/2014 | 8:39:36 PM
Re: Silicon Valley substation attack a prototype?
Wow. That's disturbing. 70 percent seems extremely high. I'm legitimately surprised at that number. But are these corporate network issues or control system issues? Still bad either way, but much more serious if these are ICS.

BP
Charlie Babcock
100%
0%
Charlie Babcock,
User Rank: Ninja
8/15/2014 | 7:33:01 PM
Silicon Valley substation attack a prototype?
I suspect the public utility infrastructure is more vulnerable than we realize. There was an incident earlier this year -- almost a proof of concept test -- of a physical attack on a PG&E Silicon Valley electricity substation. Vandals with rifles from a safe distance took out several transformers, then disappeared long before any authorities could get there. They had plotted their approach and exit carefully, along routes that made their apprehension quite improbable. No special training or tools required. No one caught.


News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32094
PUBLISHED: 2021-05-07
U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to upload arbitrary files.
CVE-2021-32095
PUBLISHED: 2021-05-07
U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to delete arbitrary files.
CVE-2021-32096
PUBLISHED: 2021-05-07
The ConsoleAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows a CSRF attack that results in injecting arbitrary Ruby code (for an eval call) via the CONSOLE_COMMAND_STRING parameter.
CVE-2021-32098
PUBLISHED: 2021-05-07
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.
CVE-2021-32099
PUBLISHED: 2021-05-07
A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass.